In addition to the data you explicitly input into the service, anonymous usage data may be collected. The data is publicly available in aggregate.
I do not wish to see the things people privately do, if I can avoid it. If you make your stuff public, users might see it by circumstance.
I will never sell your data. That is the freedom a paid service allows for. Your data will never be used to train generative AI, if I can help it.
Data is stored with Hetzner and Cloudflare, in Germany and the US respectively, and is subject to their privacy policy and terms.
Hosting and other services for the site are provided by Cloudflare.
In addition to the hosting providers, Stripe and/or Paddle is used to collect payments.
Emails are sent using AWS.
Telemetry traces to monitor backend performance are sent to Baselime, a Cloudflare company.
In cases where we cannot access a site ourselves, we may use select services, such as Archive.org, to fetch the contents of a site. These services receive only the URL of the site to fetch. In cases where adding to a third-party archive is required, we only transmit URLs that have been manually vetted to not contain sensitive information.
For embeddings to use in recommendations and search, we currently use Cohere's models. Per Cohere's data policy, we have instructed them not to train on our data.
Passwords are stored using state-of-the-art hashing — bcrypt with 12 rounds. This is verifiable here.
Exports contain all data with your user id attached to it in our database, without the password. Additional data may be stored with the partners listed above, but that data may not be included in exports. Contact them to export or delete data that may be stored there.
Handling deletions of things like your pins is difficult. If we delete an item from our database, clients with offline replication have no way to know that it was deleted when they come back online and request recent changes, because the server no longer has any knowledge that it ever existed. Therefore, they will desync. Still, we believe in the right to be forgotten. Our compromise: when you request to delete an item, it is sent to the "graveyard". The graveyard has the following schema:
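// Row kept after an item is deleted; it holds replication markers only.
export interface GraveyardTable {
  id: Generated<number>;
  item_id: number; // id of the deleted item
  user_id: number; // owner of the deleted item
  deleted_at: Generated<Date>;
  type: string; // kind of item that was deleted
}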
As you can see, there is no identifiable information stored in the graveyard, just markers that can be used for replication. In the future, it will be possible to purge the graveyard.
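The desync described above, and how a graveyard marker avoids it, as an added example that is not the service's own code. The `Server`, `Client` and `replicaAfterDelete` names, the in-memory arrays and the integer timestamps are all assumptions made for illustration.

```typescript
// Added illustration; every name here is hypothetical, not the service's code.
type Pin = { id: number; user_id: number; title: string; updated_at: number };
type Tombstone = { item_id: number; user_id: number; deleted_at: number; type: string };

class Server {
  pins: Pin[] = [];
  graveyard: Tombstone[] = [];
  // Hard delete: the row vanishes and nothing records that it ever existed.
  hardDelete(id: number): void {
    this.pins = this.pins.filter((p) => p.id !== id);
  }
  // Graveyard delete: drop the content, keep only a marker for replication.
  graveyardDelete(id: number, now: number): void {
    const pin = this.pins.filter((p) => p.id === id)[0];
    if (!pin) return;
    this.hardDelete(id);
    this.graveyard.push({ item_id: id, user_id: pin.user_id, deleted_at: now, type: "pin" });
  }
  // What a client receives when it asks for one user's changes after `since`.
  changesSince(userId: number, since: number): { upserts: Pin[]; deletes: Tombstone[] } {
    const upserts = this.pins.filter((p) => p.user_id === userId && p.updated_at > since);
    const deletes = this.graveyard.filter((t) => t.user_id === userId && t.deleted_at > since);
    return { upserts, deletes };
  }
}

// Offline replica: applies the change feed to its local copy.
class Client {
  local: Pin[] = [];
  lastSync = 0;
  sync(server: Server, userId: number, now: number): void {
    const { upserts, deletes } = server.changesSince(userId, this.lastSync);
    const gone = upserts.map((p) => p.id).concat(deletes.map((t) => t.item_id));
    this.local = this.local.filter((p) => gone.indexOf(p.id) === -1).concat(upserts);
    this.lastSync = now;
  }
}

// Constructed scenario: sync two pins at t=10, delete pin 2 while offline, sync at t=30.
function replicaAfterDelete(useGraveyard: boolean): number[] {
  const server = new Server();
  server.pins.push({ id: 1, user_id: 7, title: "a", updated_at: 1 });
  server.pins.push({ id: 2, user_id: 7, title: "b", updated_at: 2 });
  const client = new Client();
  client.sync(server, 7, 10);
  if (useGraveyard) server.graveyardDelete(2, 20); else server.hardDelete(2);
  client.sync(server, 7, 30);
  return client.local.map((p) => p.id).sort((a, b) => a - b);
}
```

With a hard delete the replica still holds pin 2 after the second sync; with the graveyard marker it drops it, and the marker carries no pin content.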
Account deletions will delete all data stored on our servers that is attached to your UUID. Accounts that are queued for deletion (either by user action or an expired subscription) will be deleted 29.5-30.5 days after requested.
In the event that you wish to expedite the deletion of your account, please contact support.
In some cases, we may be compelled to retain data for longer, such as to comply with tax law or court orders.
Our policy is to not respond to government requests for user data or preservation unless we are compelled by legal process. If U.S. or German law enforcement authorities have the necessary warrant, court order, or subpoena requiring us to share or store data, we must comply. We will only respond to requests from government authorities outside the U.S. or Germany if compelled by the U.S. or German government through procedures outlined in a mutual legal assistance treaty or agreement. It is our policy to notify affected users before we share or preserve data unless we are legally prohibited from doing so.
Unless we receive a proper warrant, court order, or subpoena before the required preservation period expires, we will destroy any preserved copies of customer data at the end of the preservation period.
If we are audited by a tax authority, we may be required to share billing-related information. If that happens, we will share only the minimum needed, such as billing addresses and tax exemption information.
To legal authorities, please note that we cannot restore data that has already been deleted.